2

I am generating a JWT token using the code below

 JwsHeaders headers = new JwsHeaders(SignatureAlgorithm.HS256);
        JwtClaims claims = new JwtClaims();
        claims.setSubject(login);
        claims.setIssuer(issuer);
        claims.setAudiences(roles);
        Calendar now = Calendar.getInstance();
        long issuedAt = now.getTimeInMillis() / 1000;
        claims.setIssuedAt(issuedAt);
        claims.setExpiryTime(issuedAt + EXPIRY_PERIOD);

        JwsCompactProducer jws = new JwsJwtCompactProducer(headers, claims);
        return jws.signWith(new HmacJwsSignatureProvider(secret.getBytes(), SignatureAlgorithm.HS256));

When the token generated by this code comes through JweCompactConsumer class JweException is thrown. In the log I can see warn message

o.a.c.r.s.jose.jwe.JweCompactConsumer : 5 JWE parts are expected

How do I need to correct generation?

Alex Bondar
  • 1,167
  • 4
  • 18
  • 35
  • seems you're mixing JWS(signed token) and JWE(encrypted token). And it's not the header that should consist of 5 parts, but the token itself. A JWS has only 3 parts (header.payload.signature) – jps Jul 18 '19 at 16:00

1 Answers1

1

The solution is pretty simple

In my auth filter I needed to disable JWE 

 setJweRequired(false);

After this all JWE requried checks are omitted

Alex Bondar
  • 1,167
  • 4
  • 18
  • 35